Saturday, May 1. 2010

Remove IPs from Outgoing Mail (Postfix SMTP)

I use Postfix as SMTP server. By default, it includes every user's IP and hostname in outgoing mails, even internal ones. As there is no need for the outside world to see what IPs I am using internally, I dedided to remove IP headers from outgoing email. This does not have to mean that they're not logged. And besides, at the moment I am the only one using my server, so mails can still be traced to me. This post explains how.

Postfix (or any other SMTP server) receives mail from other mail servers ("incoming"), and mails by users ("outgoing"). As we don't want to strip any headers from incoming mail, we first have to force all users to authenticate (which is a good thing anyway), and make Postfix add another header to authenticated ("outgoing") mails. Then, we can match this header and strip both the Received line containing internal hostnames and IPs, and the authenticated header.

/etc/postfix/main.cf:

# add header for authenticated mail to strip IP

smtpd_sasl_authenticated_header = yes

header_checks = regexp:/etc/postfix/header_checks

/etc/postfix/header_checks

/^Received: .*\(Authenticated sender:.*/  IGNORE

/^Received: by yourdomain\.com .*from userid [0-9]+\)/  IGNORE

(replace yourdomain.com by your server's name)

Source/Additional information: Noel Jones: About removing Received headers with internal IP addresses (10.09.2008, postfix-users mailing list)

Defined tags for this entry: debian, linux, postfix, privacy

Related entries by tags:

Comments

Display comments as (Linear | Threaded)

Interesting approach - but of course the consequences of your idea have to be checked: how does spam-recognition think about that? How long will it take until your servers are blacklisted with this config and you will be de facto cut off from the world? Any real life experience?
Please report!

#1 Snaky on 2011-01-04 10:44 (Reply)

Last time I checked, Google Mail also doesn't include the user's IP when using the web interface. There is absolutely no requirement to forward this information to third parties. I have been using the configuration above for a long time now. Why would my server get blacklisted when there is never any spam coming from it?

Also, many users use a relay host, because their own infrastructure is on a dynamic IP, or they don't want to cope with the details of running a public mailserver that basically has to be up 24/7. Removing the 'first incoming IP' is really nothing to be worried about.

An obvious reminder: This will only make you anonymous among the set of users of this mail server. In my case, as the only user of the server, it stops location tracking. It does not make me anonymous.

Most email providers don't want to remove IPs because they don't want to deal with abuse complaints. It would be easy to match message IDs or some inserted random header in case, but it's just too much work for most ISPs.

#1.1 Moritz on 2011-01-04 11:00 (Reply)

Actually, this PREVENTS overzealous spam filters from blocking your mail.

The rason is that some spam filters mark as spam any mail that has a dynamically-assigned IP address in ANY Received: header. This is obviously wrong if the user of said dynamic IP is authenticated (but arguably sensible if the dynamic IP user is not, as in spambots on infected user PCs).
So, removing the user name and IP for authenticated users is good.
I currently use something a bit more elaborate that leaves the Received: line in but edits out the IP and user name. I found the recipe on the Postfix-Users mailing list.

#1.2 Jan on 2011-12-10 09:23 (Reply)

> How long will it take until your servers are blacklisted with this config and you will be de facto cut off from the world?

You won't be blacklisted. Many companies use this to hide internal IPs. There is no reason (other than nefarious purposes) for the world+dog to know the internal IP space of an intra-net.

If you blacklisted are then then something is incorrectly configured.

#2 Bob on 2011-02-07 15:40 (Reply)

Add Comment

Frontpage - Top level

Choose Language

Twitter

"Kritisch Lesen" 14 zum Thema Kapitalismus, Märkte, Krisen https://t.co/6tfmpIffTuesday, February 7 2012
AG Köln: #Wikipedia-Angaben als Grundlage für Gerichtsurteil http://t.co/fCJj411xTuesday, February 7 2012
Heise darf wieder uneingeschränkt über #Megaupload berichten http://t.co/rJpdCWemTuesday, February 7 2012
Wochenend taz-Interviews zu Geld. Lesenswert! Nummer Eins: http://t.co/XXGaQ39f Nummer Zwei: http://t.co/pXQuNQdYMonday, February 6 2012
Oooh ich mag meinen Kontostand grad... (sämtliche festangelegte Ersparnisse ausgelöst um sie für die @hackerbus Tour zu verpulvern)Monday, February 6 2012